upstream/prometheus
1
0
Fork 0
mirror of https://github.com/prometheus/prometheus.git synced 2025-12-18 21:26:32 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Merge pull request #17639 from JorTurFer/oauth-docs

Browse source 
chore: Update docs to reflect new oauth parameters
This commit is contained in:
Jan Fajerski 2025-12-18 13:41:37 +01:00 committed by GitHub
commit 45cf485168
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 41 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
docs/configuration/configuration.md
View file

@ -761,16 +761,56 @@ A `tls_config` allows configuring TLS connections.
OAuth 2.0 authentication using the client credentials or password grant type.
Prometheus fetches an access token from the specified endpoint with
the given client access and secret keys.
the given client access and credentials.
```yaml
client_id: <string>
# OAuth2 grant type to use. It can be one of
# "client_credentials" or "urn:ietf:params:oauth:grant-type:jwt-bearer" (RFC 7523).
# Default value is "client_credentials"
[ grant_type: <string> ]
# Client secret to provide to authorization server. Only used if
# GrantType is set empty or set to "client_credentials".
[ client_secret: <secret> ]
# Read the client secret from a file.
# It is mutually exclusive with `client_secret`.
[ client_secret_file: <filename> ]
# Secret key to sign JWT with. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
[ client_certificate_key: <secret> ]
# Read the secret key from a file.
# It is mutually exclusive with `client_certificate_key`.
[ client_certificate_key_file: <filename> ]
# JWT kid value to include in the JWT header. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
[ client_certificate_key_id: <string> ]
# Signature algorithm used to sign JWT token. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
# Default value is RS256 and valid values RS256, RS384, RS512
[ signature_algorithm: <string> ]
# OAuth client identifier used when communicating with
# the configured OAuth provider. Default value is client_id. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
[ iss: <string> ]
# Intended audience of the request. If empty, the value
# of TokenURL is used as the intended audience. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
[ audience: <string> ]
# Map of claims to be added to the JWT token. Only used if
# GrantType is set to "urn:ietf:params:oauth:grant-type:jwt-bearer".
claims:
[ <string>: <string> ... ]
# Scopes for the token request.
scopes:
[ - <string> ... ]